Explotación pública
Catálogo de exploits
Todo exploit público que catalogamos, en un solo índice. Busca por CVE, nombre del exploit o tecnología — y mira, al lado, lo que la falla realmente vale: severidad, probabilidad de explotación y si ya está bajo ataque.
71.062exploits catalogados
31.617CVEs con explotación pública
0probados en laboratorio
TodosExploit-DB 22.467Referência 19.791GitHub PoC 13.086VulnCheck XDB 8069Nuclei 4187Metasploit 3462✓ solo verificadosrecientespopularesriesgo
71.062 exploits
GitHub PoC
Laboratory validation of CVE-2026-48282 in Adobe ColdFusion RDS, covering arbitrary CFM file write, code execution as the ColdFusion service user, auditd and PCAP evidence, event timeline reconstruction, and SOC detection recommendations. Includes Polish and English reports.
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RIESGO
abrir ↗GitHub PoC
CVE-2026-14191 - Draft
WinRAR / UnRAR RAR5 recovery-volume (.rev) out-of-bounds heap write in RecVolumes5::ReadHeader
41RIESGO
abrir ↗Exploit-DB
Hydra - Stack Buffer Overflow
Hydra - Stack Buffer Overflow in NTLM Authentication Handler
41RIESGO
abrir ↗GitHub PoC★ 9
CVE-2026-20896 Gitea Docker X-WEBAUTH-USER auth bypass checker
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RIESGO
abrir ↗VulnCheck XDB
initial-access
LiteLLM: Authenticated command execution via MCP stdio test endpoints
100RIESGO
abrir ↗VulnCheck XDB
initial-access
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RIESGO
abrir ↗Exploit-DB
Joomla Extension 4.1.4 - PHP Object injection
Joomla Extension - joomshaper.com - PHP Object injection in SP LMS extension for Joomla < 4.1.4
48RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-33453: Apache Camel camel-coap header injection to RCE via camel-exec
Apache Camel: CoAP URI Query Parameter to Exchange Header Injection in camel-coap Allows Single-Packet Pre-Auth Remote Code Execution
63RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-27172: Apache Camel camel-consul ConsulRegistry Java deserialization (RCE)
Apache Camel: Unsafe Java deserialization in camel-consul ConsulRegistry allows arbitrary code execution via malicious values read from the Consul KV store
41RIESGO
abrir ↗VulnCheck XDB
initial-access
telnetd in GNU Inetutils through 2.7 allows remote authentication bypass via a "-f root" value for the USER environment
100RIESGO
abrir ↗GitHub PoC★ 1
Reproducer for CVE-2026-33454: Apache Camel camel-mail header injection to RCE via camel-exec
Apache Camel: Inbound Header Filter Missing in MailHeaderFilterStrategy Allows Remote Code Execution via MIME Header Injection (CVE-2025-30177 Variant)
48RIESGO
abrir ↗Exploit-DB
Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
48RIESGO
abrir ↗GitHub PoC
Exploitability PoC for CVE-2026-49352 (9router Hardcoded JWT Secret Authentication Bypass)
9Router: Hardcoded Default fallback JWT Secret Allows Authentication Bypass
45RIESGO
abrir ↗GitHub PoC
HTB "Abducted" write-up. Exploit CVE-2026-4480 (Samba RCE) → SMB wide links → systemd → root. Full methodology and flags.
Samba: samba: remote code execution in printing subsystem via unescaped job description
68RIESGO
abrir ↗VulnCheck XDB
initial-access
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1
100RIESGO
abrir ↗Exploit-DB
KeepInMind 0.8.4.2 - Stored XSS
KeepInMind - Dashboard Notes < 0.8.4.2 - Contributor+ Stored XSS
33RIESGO
abrir ↗GitHub PoC
Reproducer for CVE-2026-40022: Apache Camel camel-platform-http-main authentication bypass on non-root context paths
Apache Camel Platform HTTP Main: Authentication Bypass on Non-Root Context Paths in camel main runtime
41RIESGO
abrir ↗VulnCheck XDB
initial-access
LA-Studio Element Kit for Elementor <= 1.5.6.3 - Unauthenticated Privilege Escalation via Backdoor to Administrative User Creation via lakit_bkrole parameter
48RIESGO
abrir ↗GitHub PoC
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an empty X-Api-Key header value.
OpenBullet2 0.3.2 Authentication Bypass via X-Api-Key Header
63RIESGO
abrir ↗Exploit-DB
WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting (XSS)
WordPress WPZOOM Portfolio plugin <= 1.4.21 - Cross Site Scripting (XSS) vulnerability
41RIESGO
abrir ↗GitHub PoC
AF_ALG/splice 기반 Linux Page Cache 변조 취약점 분석 및 대응 실습
crypto: algif_aead - Revert to operating out-of-place
100RIESGO
abrir ↗GitHub PoC★ 20
imbas007/CVE-2026-48282
ColdFusion | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
68RIESGO
abrir ↗Exploit-DB
MEmu Android Emulator 9.2.7.0 - Local Privilege Escalation
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.e
41RIESGO
abrir ↗GitHub PoC
Rust-based DLL hijacking loader for MobaXterm (CVE-2026-6421) with persistence
Mobatek MobaXterm Home Edition msimg32.dll uncontrolled search path
41RIESGO
abrir ↗GitHub PoC
HTB_Nexus Penetration Test Report – Comprehensive security assessment documenting credential leakage from Gitea, CVE-2026-38526 exploitation in Krayin CRM, and privilege escalation via Gitea template sync directory traversal. Mapped to MITRE ATT&CK and NSA D3FEND frameworks with actionable remediation roadmap and full evidence appendix.
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir ↗GitHub PoC
Exploit for Authenticated Remote Code Execution (RCE) in Krayin CRM v2.2.x (CVE-2026-38526)
An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x a
48RIESGO
abrir ↗GitHub PoC★ 6
jaf0rk/CVE-2026-14382
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to
48RIESGO
abrir ↗GitHub PoC★ 6
Public PoC and detector for CVE-2026-20896 ("Gitea Docker: One Header, Any User")
Gitea Docker image trusts spoofable reverse-proxy headers by default
48RIESGO
abrir ↗GitHub PoC★ 5
Epson Printer RAW Protocol Exploit Framework
Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Prin
41RIESGO
abrir ↗Indexamos solo el enlace público a la prueba de concepto — nunca alojamos ni redistribuimos código de explotación. Fuentes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit y VulnCheck XDB. La existencia de PoC pública no significa que la falla sea explotable en tu entorno.